Clear password without memset

trilogy-libraries · Apr 10, 2024 · 304e55d · 304e55d
1 parent f199c58
commit 304e55d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/script/cibuild b/script/cibuild
@@ -55,7 +55,7 @@ export DISTRIBUTION_SLUG
 # and chmod this directory on the host so that the permissions are persisted when the
 # the directory is mounted in the containers. Since the mysql container runs as a non-root
 # user, we need to ensure that the directory is writable by all users.
-mkdir tmp/mysql-certs
+mkdir -p tmp/mysql-certs
 chmod 777 tmp/mysql-certs
 
 docker compose rm --stop --force --volumes

diff --git a/src/client.c b/src/client.c
@@ -404,7 +404,12 @@ int trilogy_auth_switch_send(trilogy_conn_t *conn, const trilogy_handshake_t *ha
 void trilogy_auth_clear_password(trilogy_conn_t *conn)
 {
     if (conn->socket->opts.password) {
-        memset(conn->socket->opts.password, 0, conn->socket->opts.password_len);
+        volatile char *password_ptr = (volatile char*)(conn->socket->opts.password);
+        while (conn->socket->opts.password_len--) {
+            *password_ptr++ = 0;
+        }
+        free(conn->socket->opts.password);
+        conn->socket->opts.password = NULL;
     }
 }